Commit ce81cd21 authored by Daniel Stenberg's avatar Daniel Stenberg

I renamed the CURLE_SSL_PEER_CERTIFICATE error code to

CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this
return code get used by the previous SSH MD5 fingerprint check in case it
fails.
parent 51c6a5d4
+5 −0
@@ -7,6 +7,11 @@
                                  Changelog

Daniel S (3 October 2007)
- I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
  CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made
  this return code get used by the previous SSH MD5 fingerprint check in case
  it fails.

- Based on a patch brought by Johnny Luong, libcurl now offers
  CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both
  make the SCP or SFTP connection verify the remote host's md5 checksum of the
+1 −1
@@ -1512,7 +1512,7 @@ Unknown TELNET option specified.
.IP 49
Malformed telnet option.
.IP 51
The remote peer's SSL certificate wasn't ok
The peer's SSL certificate or SSH MD5 fingerprint was not ok
.IP 52
The server didn't reply anything, which here is considered an error.
.IP 53
+2 −2
@@ -148,8 +148,8 @@ An option set with CURLOPT_TELNETOPTIONS was not recognized/known. Refer to
the appropriate documentation.
.IP "CURLE_TELNET_OPTION_SYNTAX (49)"
A telnet option string was Illegally formatted.
.IP "CURLE_SSL_PEER_CERTIFICATE (51)"
The remote server's SSL certificate was deemed not OK.
.IP "CURLE_PEER_FAILED_VERIFICATION (51)"
The remote server's SSL certificate or SSH md5 fingerprint was deemed not OK.
.IP "CURLE_GOT_NOTHING (52)"
Nothing was returned from the server, and under the circumstances, getting
nothing is considered an error.
+6 −1
@@ -367,7 +367,8 @@ typedef enum {
  CURLE_UNKNOWN_TELNET_OPTION,   /* 48 - User specified an unknown option */
  CURLE_TELNET_OPTION_SYNTAX ,   /* 49 - Malformed telnet option */
  CURLE_OBSOLETE50,              /* 50 - NOT USED */
  CURLE_SSL_PEER_CERTIFICATE,    /* 51 - peer's certificate wasn't ok */
  CURLE_PEER_FAILED_VERIFICATION, /* 51 - peer's certificate or fingerprint
                                     wasn't verified fine */
  CURLE_GOT_NOTHING,             /* 52 - when this is a specific error */
  CURLE_SSL_ENGINE_NOTFOUND,     /* 53 - SSL crypto engine not found */
  CURLE_SSL_ENGINE_SETFAILED,    /* 54 - can not set SSL crypto engine as
@@ -416,9 +417,13 @@ typedef enum {
                          the obsolete stuff removed! */

/* Backwards compatibility with older names */

/* The following were added in 7.17.1 */
/* These are scheduled to disappear by 2009 */
#define CURLE_SSL_PEER_CERTIFICATE CURLE_PEER_FAILED_VERIFICATION

/* The following were added in 7.17.0 */
/* These are scheduled to disappear by 2009 */
#define CURLE_OBSOLETE CURLE_OBSOLETE50 /* noone should be using this! */
#define CURLE_BAD_PASSWORD_ENTERED CURLE_OBSOLETE46
#define CURLE_BAD_CALLING_ORDER CURLE_OBSOLETE44
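Review bot: The compatibility alias `CURLE_SSL_PEER_CERTIFICATE` in the second hunk keeps old callers compiling, but nothing in the header tells them that code 51 is no longer TLS-specific. An application that matches the old name to report a bad certificate, or to choose a recovery path, would presumably now take that branch for a failed SSH host key MD5 fingerprint check as well, going by the commit description. I would state that on the alias, e.g. `/* 51 now also reports a failed SSH host key fingerprint check, not only TLS certificate failures */`, and tighten the enum comment to `/* 51 - peer's certificate or fingerprint could not be verified */`. The enum and the compatibility block both begin and end outside the hunks shown, so whether the alias sits inside the CURL_NO_OLDIES guard cannot be confirmed from here.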
+4 −4
@@ -352,7 +352,7 @@ Curl_gtls_connect(struct connectdata *conn,
  if(!chainp) {
    if(data->set.ssl.verifyhost) {
      failf(data, "failed to get server cert");
      return CURLE_SSL_PEER_CERTIFICATE;
      return CURLE_PEER_FAILED_VERIFICATION;
    }
    infof(data, "\t common name: WARNING couldn't obtain\n");
  }
@@ -413,7 +413,7 @@ Curl_gtls_connect(struct connectdata *conn,
      failf(data, "SSL: certificate subject name (%s) does not match "
            "target host name '%s'", certbuf, conn->host.dispname);
      gnutls_x509_crt_deinit(x509_cert);
      return CURLE_SSL_PEER_CERTIFICATE;
      return CURLE_PEER_FAILED_VERIFICATION;
    }
    else
      infof(data, "\t common name: %s (does not match '%s')\n",
@@ -433,7 +433,7 @@ Curl_gtls_connect(struct connectdata *conn,
  if(clock < time(NULL)) {
    if (data->set.ssl.verifypeer) {
      failf(data, "server certificate expiration date has passed.");
      return CURLE_SSL_PEER_CERTIFICATE;
      return CURLE_PEER_FAILED_VERIFICATION;
    }
    else
      infof(data, "\t server certificate expiration date FAILED\n");
@@ -451,7 +451,7 @@ Curl_gtls_connect(struct connectdata *conn,
  if(clock > time(NULL)) {
    if (data->set.ssl.verifypeer) {
      failf(data, "server certificate not activated yet.");
      return CURLE_SSL_PEER_CERTIFICATE;
      return CURLE_PEER_FAILED_VERIFICATION;
    }
    else
      infof(data, "\t server certificate activation date FAILED\n");